Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects

CVE-2022-0536

follow-redirects
org.webjars.npm:follow-redirects

Medium

5.9/10

Summary

Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

References

Advisory
Disclosure

Advisory Timeline

Published Feb 09, 2022

Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects

CVE-2022-0536

Summary

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS